Rogue No More: Securing Kubernetes with Node-Specific Restrictions
CNCF [Cloud Native Computing Foundation] via YouTube
Overview
Learn about critical Kubernetes security enhancements in this technical conference talk that addresses the vulnerabilities of components running across multiple nodes. Discover how DaemonSet components performing node-specific actions can create security risks and potentially lead to cluster attacks or takeovers. Explore practical solutions through new security features focusing on bound service account tokens and their integration with validating admission policies to enforce per-node restrictions. Follow along as Microsoft's Anish Ramasekar and Apple's James Munnelly demonstrate implementation strategies for achieving robust node isolation, effectively preventing escalation attacks and strengthening cluster security.
Syllabus
Rogue No More: Securing Kubernetes with Node-Specific Restrictio... Anish Ramasekar & James Munnelly
Taught by
CNCF [Cloud Native Computing Foundation]